Image provided by NASA/NSSDC
This site is not endorsed by NASA. |
With today’s headlines
and the current regulatory and prosecutorial climate, sagacious
companies must create mechanisms to detect and prevent violations
of the laws. What was once treated as an SEC or civil tax
matter, may now result in a criminal investigation and a major
hit in reputation risk. The matter in which an organization
responds to an investigation may very well determine its future
survival. |
|
|
A compliance
program is a statement of the organization’s policies
and rules that include definitions of all applicable regulations
and laws, about which an organization must educate its staff.
This is essential. The monitoring of your organization’s
program and education of the staff are the two keys that give
your compliance program credence in the eyes of the law. How
do you implement this massive undertaking, ensuring that it
is properly maintained and monitored? ComplianceAlert
is the answer. |
The policies,
procedures and best practices that define your compliance
program are stored in ComplianceAlert’s
database, which is maintained by your compliance staff, in
the form of compliance-alerts.
They provide written guidance to the organization’s
staff on the appropriate implementation of the laws, rules,
and standards. A compliance-alert
defines and directs a particular
section of a compliance
issue to the group in the organization that needs to know.
It can be directed to the entire staff, a department, function,
or an individual.
See our extensive database of Categories
and References including ACH, Bank Secrecy Act, USA Patriot
Act, various Federal regulations, Sarbanes-Oxley Act and Customer
Privacy. |
|
See
a ComplianceAlert
|
Compliance-alerts
are delivered to the staff via the organization’s email
system. Daily scheduled email messages delivering the content
created within compliance-alerts
will be queued-up and automatically sent out during non-business
hours. Compliance-alerts
are delivered to the staffs’ email in-box and are immediately
available when they arrive in the morning. The staff can respond
when it is convenient for them during the day. Email messages
that are in-coming responses to compliance-alerts
are monitored by the application and are stored in the database.
The staff is required to acknowledge that they understand
the compliance issue received and have been in compliance
since the receipt of the previous compliance-alert,
if this was not the initial email message. |
ComplianceAlert
provides a continuous piecemeal approach to the on-going
education process. In addition to the email acknowledgement,
the staff may be periodically tested via “compliance
quizzes” issued by ComplianceAlert
to verify that they understand the information that has
been delivered to them throughout the year. The results
of these tests are recorded in the database for analysis.
The tracking of your educational program by staff member
is efficiently handled by the application. Reports may be
generated at any time, which can be printed for your regulators
to evidence the effectiveness of your program.
This effective training
must be in “all aspects of regulatory and
internal policies and procedures.” This challenge
is clearly met through the use of ComplianceAlert
and the storage of compliance-alerts
on every law, regulation and guideline that pertains to
the organization, not just the Bank Secrecy Act.
Section
352 (a) of the USA Patriot Act,
amended section 5318(h) of the Bank
Secrecy Act. As amended, section 5318(h)(1)
requires every financial institution to establish an anti-money
laundering program that includes, at a minimum:
(i) The development of internal policies,
procedures, and controls;
(ii) an ongoing employee training program;
(iii) an independent audit function to test programs;
and
(iv) the designation of a compliance officer.
ComplianceAlert
clearly satisfies three of the aforementioned four sub-sections:
(i) Documents the organization’s
internal policies, procedures, and controls…right
down to the level of the staff member.
(ii) Initiates a continuing education program that provides
a sensible and piecemeal approach on a personal level
as the staff member learns what pertains to their job
responsibilities, while relieving
them of the burden of reading the organization’s
entire compliance manual.
(iii) Provides a basis for an independent audit as every
policy statement and procedure is documented in the database.
How the compliance program pertains to each individual
is also documented and the electronic attestation by the
individual staff member that they understand their responsibilities
is registered within the database.
|
ComplianceAlert
automatically distributes and tracks the compliance issues
that apply to your business. It is also the delivery channel
for other internal policies and procedures, such as confidentiality
agreements and your code of ethics, which fall under the ever
growing umbrella of compliance. Designed as an education tool
and as a verification tool, ComplianceAlert
takes away the worry about notifying staff members of current
and past issues and tracking acknowledgements
that they understand and are indeed in compliance. This proactive
approach puts accountability squarely on the staff’s
shoulders! At the same time, this approach lowers compliance
and reputation risk for the organization. |
|
As new or amended regulations
or guidelines come across the compliance staff’s desktop,
they are interpreted as to their impact on various units or
defined compliance functions (an example of a defined compliance
function would be the Chief Financial Officer) within the
organization. One or more compliance-alerts
may be created as a result of this interpretation, which are
stored in the database ready for delivery. The compliance-alert
has a frequency associated with it that determines how often
it will be delivered to the selected staff during the year.
Files and URL-links can be stored with the compliance-alert
for delivery with the email message to supplement the regulatory
issue or simply as a reference in a data library for the compliance
staff.
The aforementioned email
messages are easily replied to by the staff by means of two
embedded links; a Yes
and No link.
Each compliance-alert
is written to obtain a Yes
reply, i.e., the staff member understands the content of the
email message and has been in compliance since the last compliance-alert
was received for that particular compliance issue. A Yes
reply updates the database but is not delivered to the compliance
staff’s inbox. A No
reply requires an explanation and is delivered to the compliance
staff as well as updates the database. The third option is
for the staff member to defer their response by deleting the
email message without replying. The organization determines
how many reminder notices it would like to send and the frequency
of such reminders. The last reminder notice contains stronger
language, developed by the organization, to encourage a response.
This last reminder notice is also copied to that person’s
supervisor. If the last reminder notice does not elicit a
response, the compliance staff is informed and appropriate
action will be determined with management.
|
Click
to zoom
|
A compliance-alert
can reference a file (PowerPoint, Adobe PDF, Word, etc.) that
a staff member may retrieve and review via a simple mouse-click
to a file on a shared network folder or reference to an embedded
URL link that would take the staff member to the applicable
website. Thus, you could make an electronic copy of related
material on this subject matter, reference a Power Point presentation
that you may have received at a seminar, or provide a list
of frequently asked questions on this particular issue. As
a file or URL is linked to a compliance-alert,
the ComplianceAlert Reference
Library is automatically updated to facilitate
research. |
The
Reference Library organizes files and URLs
under the categories of the compliance-alerts
that they were created under. Once a category (or Library)
is selected, all files and URLs previously saved will be displayed.
Files are displayed separately from URL’s and all compliance-alerts
that have been associated with the file or URL will also be
displayed when a file or URL is selected from within the Reference
Library. This becomes the compliance staff’s
file manager thereby eliminating the need to maintain paper
copies. |
During the
creation of a compliance-alert,
the compliance staff assigns the compliance “category”
and a sub-classification of the category called the “reference”
field. For example, compliance-alerts
for the USA Patriot Act (the category) describing section
326 (the reference). |
Click
to zoom |
The compliance staff
establish the frequency period for the repetitive delivery
of the compliance-alert (ranging from weekly to annual) throughout
the year. The compliance staff determine and assign staff
members to each compliance-alert.
There are three options that can be used together or individually
for the assignment of staff: by unit, by compliance function
or staff name. Special release and ad
hoc capability is also provided. If an amendment
to a law is issued, the compliance staff can immediately update
the appropriate compliance-alert
and send out an update via a special release.
The original frequency is maintained. If a new SDN list is
released by OFAC, a previously issued ad hoc
compliance-alert
can be reused. |
Click
to zoom |
ComplianceAlert
delivers on the continuing education of management and staff,
as it provides written guidance on the appropriate implementation
of the laws, rules, and best practices that comprise the compliance
program to each individual. Additionally, ComplianceAlert
provides the verification that the staff is aware of and is
complying with all applicable rules and regulations that define
the organization’s compliance. The ability to provide
both the education and proof of an ongoing compliance program
has become even more crucial in today’s climate of corporate
mistrust. ComplianceAlert
allows your organization to alert staff of laws, regulations
and guidelines that are applicable to their job function and
ensures a method of confirming that they understand them.
This confirmation is accomplished in ComplianceAlert
via the “periodic quiz” function. This feature
further substantiates to the regulators that the organization
has taken every conceivable step to ensure that the staff
has been educated. This function also reinforces the issues
being delivered to an individual by the very nature of being
repetitive. The organization determines how often it would
like to test their staff throughout the year.
ComplianceAlert ensures that each
employee’s suite of questions is delivered and the employee
is tested within a twelve month period by selecting the appropriate
number of questions for each examination. |
Using ComplianceAlert
also reduces the number staff meetings needed throughout
the year to explain the bank’s compliance program
and eliminates the administrative time involved preparing
for such meetings.
Power Point presentations and streaming videos can be referenced
to a compliance-alert
thereby accomplishing the same results. Even better is the
fact that the staff electronically attest that they understand
what they just reviewed knowing that they will eventually
be tested on this newfound knowledge if the compliance staff
so chooses. This keeps the staff working and keeps the “income
generators” earning income and precludes missing movements
in the markets and critical communications with customers.
|
  
|
|
